CVE-2023-0811

Description

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.

Remediation

Workaround:

  • OMRON has released the following countermeasures for users to implement: * Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) * Set UM read protection password and “Prohibit from overwriting to a protected program “option. If the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: Security measures to prevent unauthorized access: * If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function. * Select the Protect by IP Address * Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.   * Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. * Use a virtual private network (VPN) for remote access to control systems and equipment. * Use strong passwords and change them frequently. * Install physical controls so that only authorized personnel can access control systems and equipment. * Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. * Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. * Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. * Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. * Data recovery * Periodical data backup and maintenance to prepare for data loss. For more information, see Omron’s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .

Category

9.1
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.14%
Vendor Advisory omron.com
Affected: Omron CJ1M SYSMAC CJ-series
Affected: Omron CJ1M SYSMAC CJ-series
Affected: Omron CJ1M SYSMAC CJ-series
Affected: Omron CJ1M SYSMAC CJ-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CS-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Affected: Omron CJ1M SYSMAC CP-series
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01 third party advisory us government resource
https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-0811?
CVE-2023-0811 has been scored as a critical severity vulnerability.
How to fix CVE-2023-0811?
As a workaround for remediating CVE-2023-0811: OMRON has released the following countermeasures for users to implement: * Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) * Set UM read protection password and “Prohibit from overwriting to a protected program “option. If the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: Security measures to prevent unauthorized access: * If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function. * Select the Protect by IP Address * Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.   * Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. * Use a virtual private network (VPN) for remote access to control systems and equipment. * Use strong passwords and change them frequently. * Install physical controls so that only authorized personnel can access control systems and equipment. * Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. * Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. * Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. * Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. * Data recovery * Periodical data backup and maintenance to prepare for data loss. For more information, see Omron’s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .
Is CVE-2023-0811 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-0811 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-0811?
CVE-2023-0811 affects Omron CJ1M SYSMAC CJ-series, Omron CJ1M SYSMAC CJ-series, Omron CJ1M SYSMAC CJ-series, Omron CJ1M SYSMAC CJ-series, Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CS-series , Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series, Omron CJ1M SYSMAC CP-series.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.